CPU | 双核双线程-CPU虚拟化开启 | |
---|---|---|
内存 | 6G | |
硬盘 | 300G+1024G(CEPH块存储) | |
双网卡 | VM1-(局域网)192.168.86.11 | NAT-192.168.238.11 |
操作系统 | Centos 7.6(1810)-最小化安装 |
CPU | 双核双线程-CPU虚拟化开启 | |
---|---|---|
内存 | 8G | |
硬盘 | 300G+1024G(CEPH块存储) | |
双网卡 | VM1-(局域网)192.168.86.12 | NAT-192.168.238.12 |
操作系统 | Centos 7.6(1810)-最小化安装 |
CPU | 双核双线程-CPU虚拟化开启 | |
---|---|---|
内存 | 8G | |
硬盘 | 300G+1024G(CEPH块存储) | |
双网卡 | VM1-(局域网)192.168.86.13 | NAT-192.168.238.13 |
操作系统 | Centos 7.6(1810)-最小化安装 |
1、配置操作系统+OpenStack运行环境
2、配置OpenStack平台基础服务(rabbitmq、mariadb、memcache、Apache)
3、配置OpenStack keystone组件
4、配置OpenStack Glance组件
5、配置placement服务
6、配置OpenStack Nova组件
7、配置OpenStack Neutron组件
8、配置OpenStack dashboard组件
9、配置OpenStack Cinder组件
10、常用云主机操作
配置项(所有节点)
hostnamectl set-hostname ct
su
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/sysconfig/selinux
SELINUX=disabled
c1、c2配置步骤差不多,自己修改
#局域网设置主机模式VMnet1
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36
vi /etc/sysconfig/network-scripts/ifcfg-ens36
#记得修改设备名称,UUID
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.86.11
NETMASK=255.255.255.0
#GATEWAY=192.168.86.2
#网络为NAT模式
vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
IPV4_ROUTE_METRIC=90 ###调由优先级,NAT网卡优先
ONBOOT=yes
IPADDR=192.168.238.11
NETMASK=255.255.255.0
GATEWAY=192.168.238.2
systemctl restart network #重启网卡
所有节点一样
vi /etc/hosts
192.168.86.11 ct
192.168.86.12 c1
192.168.86.13 c2
#以上为局域网IP
三台节点做免交互
非对称密钥
ssh-keygen -t rsa
ssh-copy-id ct
ssh-copy-id c1
ssh-copy-id c2
(所有节点)
vim /etc/resolv.conf
nameserver 114.114.114.114
yum -y install net-tools bash-completion vim gcc gcc-c++ make pcre pcre-devel expat-devel cmake bzip2 lrzsz
#EXPAT C语言发开库
yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils
#OpenStack 的 train 版本仓库源安装 包,同时安装 OpenStack 客户端和 openstack-selinux 安装包
通过控制节点ct时间同步配置
ct ->同步阿里云时钟服务器
c1、c2 -> 同步ct
节点ct
yum install chrony -y
vim /etc/chrony.conf
systemctl enable chronyd
systemctl restart chronyd
vi /etc/chrony.conf
server 0.centos.pool.ntp.org iburst #注释掉
server 1.centos.pool.ntp.org iburst #注释掉
server 2.centos.pool.ntp.org iburst #注释掉
server 3.centos.pool.ntp.org iburst #注释掉
server ntp6.aliyun.com iburst #配置阿里云时钟服务器源
allow 192.168.86.0/24 #允许192.168.86.0/24网段的主机来同步时钟服务
[root@ct ~]# chronyc sources #使用 chronyc sources 命令查询时间同步信息
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 3 -2553us[-4933us] +/- 20ms
#控制节点c1、c2时间同步配置
[root@c1 ~]# vi /etc/chrony.conf
server 0.centos.pool.ntp.org iburst #注释掉
server 1.centos.pool.ntp.org iburst #注释掉
server 2.centos.pool.ntp.org iburst #注释掉
server 3.centos.pool.ntp.org iburst #注释掉
server ct iburst #配置阿里云时钟服务器源
[root@c1 ~]# systemctl enable chronyd.service #永久开启时间同步服务器
[root@c1 ~]# systemctl restart chronyd.service #重启时间同步服务器
[root@c2 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ct 0 7 0 - +0ns[ +0ns] +/- 0ns
#设置周期性任务
[root@c1 ~]# crontab -e #配置计划任务,每隔2分钟同步一次
*/2 * * * * /usr/bin/chronyc sources >> /var/log/chronyc.log
no crontab for root - using an empty one
crontab: installing new crontab
控制节点ct
yum -y install mariadb mariadb-server python2-PyMySQL
#此包用于openstack的控制端连接mysql所需要的模块,如果不安装,则无法连接数据库;此包只安装在控制端
yum -y install libibverbs
● 添加MySQL子配置文件,增加如下内容
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.86.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[mysqld]
bind-address = 192.168.86.11 #控制节点局域网地址
default-storage-engine = innodb #默认存储引擎
innodb_file_per_table = on #每张表独立表空间文件
max_connections = 4096 #最大连接数
collation-server = utf8_general_ci #默认字符集
character-set-server = utf8
systemctl enable mariadb
Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
systemctl start mariadb
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #回车
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n #是否不允许root用户远程登陆
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y #是否删除test测试库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
所有创建虚拟机的指令,控制端都会发送到rabbitmq,node节点监听rabbitmq
yum -y install rabbitmq-server
#配置服务,启动RabbitMQ服务,并设置其开机启动。
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
#创建消息队列用户,用于controler和 计算节点连接rabbitmq的认证(关联)
rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack"
#配置openstack用户的操作权限(正则,配置读写权限)
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
#可查看25672和5672 两个端口(5672是Rabbitmq默认端口,25672是Rabbit的测试工具CLI的端口)
● 选择配置:
#查看rabbitmq插件列表
[root@ct ~]# rabbitmq-plugins list
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@c2
|/
[ ] amqp_client 3.6.16
[ ] cowboy 1.0.4
[ ] cowlib 1.0.2
[ ] rabbitmq_amqp1_0 3.6.16
[ ] rabbitmq_auth_backend_ldap 3.6.16
[ ] rabbitmq_auth_mechanism_ssl 3.6.16
[ ] rabbitmq_consistent_hash_exchange 3.6.16
[ ] rabbitmq_event_exchange 3.6.16
[ ] rabbitmq_federation 3.6.16
[ ] rabbitmq_federation_management 3.6.16
[ ] rabbitmq_jms_topic_exchange 3.6.16
[ ] rabbitmq_management 3.6.16
[ ] rabbitmq_management_agent 3.6.16
[ ] rabbitmq_management_visualiser 3.6.16
[ ] rabbitmq_mqtt 3.6.16
[ ] rabbitmq_random_exchange 3.6.16
[ ] rabbitmq_recent_history_exchange 3.6.16
[ ] rabbitmq_sharding 3.6.16
[ ] rabbitmq_shovel 3.6.16
[ ] rabbitmq_shovel_management 3.6.16
[ ] rabbitmq_stomp 3.6.16
[ ] rabbitmq_top 3.6.16
[ ] rabbitmq_tracing 3.6.16
[ ] rabbitmq_trust_store 3.6.16
[ ] rabbitmq_web_dispatch 3.6.16
[ ] rabbitmq_web_mqtt 3.6.16
[ ] rabbitmq_web_mqtt_examples 3.6.16
[ ] rabbitmq_web_stomp 3.6.16
[ ] rabbitmq_web_stomp_examples 3.6.16
[ ] sockjs 0.3.4
#开启rabbitmq的web管理界面的插件,端口为15672
rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
amqp_client
cowlib
cowboy
rabbitmq_web_dispatch
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@c2... started 6 plugins.
#检查端口(25672 5672 15672)
ss -natp | grep 5672
LISTEN 0 128 *:25672 *:* users:(("beam.smp",pid=34623,fd=46))
LISTEN 0 128 *:15672 *:* users:(("beam.smp",pid=34623,fd=57))
TIME-WAIT 0 0 192.168.86.13:42078 192.168.86.13:25672
LISTEN 0 128 :::5672 :::* users:(("beam.smp",pid=34623,fd=55))
可访问192.168.238.11:15672
默认账号密码均为guest
● 作用:
安装memcached是用于存储session信息;服务身份验证机制(keystone)使用Memcached来缓存令牌 在登录openstack的dashboard时,会产生一些session信息,这些session信息会存放到memcached中
JWT
● 操作:
yum install -y memcached python-memcached
#python-*模块在OpenStack中起到连接数据库的作用
cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
systemctl enable memcached
systemctl start memcached
netstat -nautp | grep 11211
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 35746/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 35746/memcached
yum -y install etcd
[root@ct ~]# cd /etc/etcd/
[root@ct etcd]# ls
etcd.conf
[root@ct etcd]# vim etcd.conf #数据目录位置
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.86.11:2380" #监听其他etcd member的url(2380端口,集群之间通讯,域名为无效值)
ETCD_LISTEN_CLIENT_URLS="http://192.168.86.11:2379" #对外提供服务的地址(2379端口,集群内部的通讯端口)
ETCD_NAME="ct" #集群中节点标识(名称)
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.86.11:2380" #该节点成员的URL地址,2380端口:用于集群之间通讯。
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.86.11:2379"
ETCD_INITIAL_CLUSTER="ct=http://192.168.86.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01" #集群唯一标识
ETCD_INITIAL_CLUSTER_STATE="new" #初始集群状态,new为静态,若为existing,则表示此ETCD服务将尝试加入已有的集群
若为DNS,则表示此集群将作为被加入的对象
#开机自启动、开启服务,检测端口
systemctl enable etcd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
systemctl start etcd.service
netstat -anutp |grep 2379
tcp 0 0 192.168.86.13:2379 0.0.0.0:* LISTEN 36063/etcd
tcp 0 0 192.168.86.13:2379 192.168.86.13:52808 ESTABLISHED 36063/etcd
tcp 0 0 192.168.86.13:52808 192.168.86.13:2379 ESTABLISHED 36063/etcd
netstat -anutp |grep 2380
tcp 0 0 192.168.86.13:2380 0.0.0.0:* LISTEN 36063/etcd
#C1、C2安装OpenStack组件
yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils